GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
819 advisories
A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as...
Moderate | Unreviewed | CVE-2025-3536 was published Apr 13, 2025

A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been...
Moderate | Unreviewed | CVE-2025-3537 was published Apr 13, 2025

Grokability Snipe-IT has incorrect authorization for accessing asset information
Moderate | CVE-2025-47226 was published for snipe/snipe-it (Composer) May 2, 2025

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A...
High | Unreviewed | CVE-2023-50342 was published Jan 3, 2024

A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1...
Moderate | Unreviewed | CVE-2025-5182 was published May 26, 2025

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for...
Moderate | Unreviewed | CVE-2025-4691 was published May 31, 2025

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper...
Moderate | Unreviewed | CVE-2018-10211 was published May 13, 2022

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0...
Moderate | Unreviewed | CVE-2023-7199 was published Jan 29, 2024

HashiCorp Vault vulnerable to incorrect metadata access
Critical | CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022

Security Update for the OPC UA .NET Standard Stack
Moderate | CVE-2024-42512 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Mar 3, 2025

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow...
High | Unreviewed | CVE-2025-40650 was published May 26, 2025

The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
High | CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025

reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference
Moderate | CVE-2025-48207 was published for renolit/reint-downloadmanager (Composer) May 21, 2025

The femanager TYPO3 extension allows Insecure Direct Object Reference
Moderate | CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated,...
Moderate | Unreviewed | CVE-2025-20114 was published May 21, 2025

A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability...
Moderate | Unreviewed | CVE-2025-4119 was published Apr 30, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Chimpstudio WP JobHunt allows...
Moderate | Unreviewed | CVE-2025-39537 was published May 16, 2025

In affected versions of Octopus Server it is possible to reveal information about teams via the...
Moderate | Unreviewed | CVE-2022-2828 was published Oct 13, 2022

A vulnerability, which was classified as problematic, has been found in SourceCodester Best...
Moderate | Unreviewed | CVE-2025-1607 was published Feb 24, 2025

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-3769 was published May 14, 2025

The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2024-8988 was published May 14, 2025

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any...
High | Unreviewed | CVE-2022-33077 was published Oct 19, 2022

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege...
Critical | Unreviewed | CVE-2025-3605 was published May 9, 2025

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2025-3811 was published May 9, 2025

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2025-3810 was published May 9, 2025